Privacy statement

Privacy statement Merin


Merin takes your privacy seriously and will process and use information about you (the data subject) in a safe way. In this Privacy Statement we explain which personal data we process, and for what purpose. In addition, this Privacy Statement will give you information about your rights with regard to our processing of your personal data. We encourage you to carefully read through this Privacy Statement. If you have any questions, please contact

Who is Merin?

We are Merin Management B.V. (hereinafter: Merin), and we have our registered office at Hogehilweg 8, 1101 CC Amsterdam. We focus on acquisition, management, exploitation, development and investing in offices and business premises in the Netherlands.

In the context of our services, we collect, retain, pass on or otherwise process personal data. On the basis of the applicable privacy legislation, we qualify as a processing controller with regard to your personal data as processed by us.

How does Merin use your data?

Below you will find an overview of the purposes for which Merin processes your personal data. In each case, it is stated which data Merin uses for that specific purpose, the legal basis permitting the processing of the data and how long the data will be kept by Merin. In order to give you an organised overview, we have grouped it by type of data flow.

Provision of services, customer management and financial administration

Purpose Data Basis Retention Period:
Financial administration Name, Company Name, Billing Address, Bank Details (Name of Bank/IBAN/BIC), Outstanding Balance Implementation of the agreement


Ten (10) years from the date of drafting of the document, or such longer period as is required in connection with a pending or expected legal dispute.
Invoicing Company Name, Billing Address, Chamber of Commerce Number, VAT number, Customer Number, Telephone Number, E-mail Address Implementation of the agreement Ten (10) years from the date of drafting of the document, or such longer period as is required in connection with pending or expected legal proceedings
CRM Name, E-mail Address, Order History, Telephone Number, Chamber of Commerce Number, Website url., Company Logo, Address. Implementation of the agreement


Five (5) years after termination of the customer relationship, or such longer period as is required in connection with pending or expected legal proceedings.
Provision of services Name, Address and Residence data, E-mail Address, File Data, Financial Data, Information necessary to deliver the service, Data that are generated during the service Implementation of the agreement Five (5) years after termination of the customer relationship, or such longer period as is required in connection with pending or expected legal proceedings.


Lease Name, Address and Residence data, Chamber of Commerce Number, Telephone Number, E-mail Address, Gender, Copy ID Implementation of the agreement Five (5) years after the termination of a lease


Purpose Data Basis Retention Period:
Offer an account Name, Address, E-mail Address, User Name Implementation of the agreement Three (3) months after the termination of the account
Listing company name on our website Company name, logo, website url.   Implementation of the agreement  three (3) months after the removal of the listing on the website

How do we obtain your personal data?

Merin holds data about you because you have provided us with data and because Merin has obtained data from third parties. Those third parties may, for example, be (online) real estate agents. The following personal data are obtained from the online real estate agents: name company, name contact person within the company, his/her telephone number and his/her e-mail address.

What are your rights?

Under the European General Data Protection Regulation, you have a number of rights relating to your data and the processing thereof:

Right to access

If you want to access the personal data Merin has stored on you, you may submit a request to that end.

Right to rectification

If you want to make changes to your personal data, you may submit a request to this effect to Merin. You may request that Merin changes, rectifies or supplements your data.

Right to erasure

In certain cases, you have the right to have certain personal data erased. This is the case, for example, if the data have been processed unlawfully or if the data are no longer needed for the purpose for which they were collected or processed.


Right to restriction of processing

In addition, you have the right, under certain conditions, to obtain from Merin restriction of the processing of your personal data.

Right to object

If certain processing takes place on the basis of the ‘legitimate interest’ of Merin or a third party, you have the right to object to such processing.

Data transfer

You have the right to obtain your personal data from Merin. Merin will provide these in a structured and conventional form, which can be opened easily in other common digital systems. This way, you can also store your data with another provider.

Revoke consent

Whenever the basis for particular data processing requires your consent, you have the right to revoke such consent. This has no consequences for the past, but does mean, however, that we may in that case no longer process these data. It may be that as a result, Merin will no longer be able to deliver certain services to you.

Reaction by Merin

A request may be sent to Merin will deal with your request as soon as possible and in any event will come back to you not later than one (1) month after Merin has received such a request, to inform you about the result of your request. If Merin rejects your request, we will indicate in our reply as to why the request has been rejected.

Recipients of the personal data

The data may be passed on to:

  • Processors, like IT service providers, marketing agencies, (online) real estate agents etc.
  • Parties involved in the execution or performance of an agreement between you and Merin, like suppliers, utility companies, contractors, etc.
  • External advisers, like legal advisers, debt collection agencies, etc.

It may be that Merin is obliged to provide your data to a third party, for example on the basis of a statutory obligation.

Passing on to another country or international organisation

It may, for (for example) technical and operational reasons, be necessary that your personal data are passed on to companies affiliated with Merin outside the European Economic Area. Because the regulations in the field of the protection of privacy may probably not offer the same protection as within the European Economic Area, Merin will make use of the Privacy Shield of the EU Model Clauses in order to protect your privacy as far as possible. You may request us to provide you with a copy of the appropriate safeguards in this respect. If that is not possible, Merin will ask for your permission to pass on your personal data to countries without an adequate level of protection. You may withdraw this permission at any time.

What are cookies and how does Merin use them?

Cookies are small pieces of text information which are sent to your browser when you visit the website of Merin, and which are subsequently stored on the hard disk or in the memory of your computer, tablet or mobile phone (hereinafter: Device). The cookies stored via the website of Merin cannot damage your Device or the files stored on such Device. You can read more about our cookies in our cookie statement.

Can this Privacy Statement be changed?

This Privacy Statement may be changed. We therefore advise you to read the Privacy Statement regularly for any changes. In the event of substantial changes, we will inform you accordingly.

Who do I contact if I have a complaint or a question?

If you have any questions about this Privacy Statement and the way in which Merin uses your data, please send an e-mail to Also, if you have a complaint about the way in which Merin processes your data, please send an e-mail to In addition, you may always contact the competent national regulatory authorities in the field of privacy protection. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).